Matrix42 Self-Service Help Center

LDAP Data Provider Attribute Mapping

Data Model

Rules

  • Account attributes, including state, are imported from Active Directory
  • Account attributes are synchronized back to Active Directory, except system attributes (sid, USN-Changed and other attributes from the Common LDAP Attributes section)
  • A corresponding Person is created for every Account that is imported from Active Directory
  • If an Account is already associated with an existing Person, the Person is not updated
  • Person attributes are set only when a new Person is created during import from Active Directory
  • Person attributes are never updated during import if the Person already exists
  • Person attributes are not synchronized back to Active Directory

Account

Mapping

SPSAccountClassAD.Sid = sid

or

(SPSAccountClassBase.NBAccountName = sAMAccountName AND Domain)

or

(SPSAccountClassBase.AccountName = name AND Domain)

where Domain:

SPSAccountClassAD.Domain = @DomainId

Attributes

| Name | AD | Data Definition | Attribute | Note |
|---|---|---|---|---|
| State | CASE WHEN userAccountControl & 2 > 0 THEN 2002 ELSE 2001 END | SPSCommonClassBase | State | |
| Domain | | SPSAccountClassAD | Domain | Relation, @DomainID |
| Account Name | CASE WHEN userPrincipalName IS NULL THEN samAccountName ELSE SubString(userPrincipalName, 0, PATINDEX('%@%', userPrincipalName)) END | SPSAccountClassBase | AccountName | |
| NETBIOS Name | sAMAccountName | SPSAccountClassBase | NBAccountName | |
| Person | objectSid | SPSAccountClassBase | Owner | Relation |
| Valid Until | accountExpires | SPSAccountClassBase | ValidUntil | |
| Description | description | SPSAccountClassBase | Description | |
| Federal State | st | SPSAccountClassBase | FederalState | |
| Web Site | wWWHomePage | SPSAccountClassBase | WebSite | |
| Phone | telephonenumber | SPSAccountClassBase | Phone | |
| Address | streetAddress | SPSAddressClassBase | Street | |
| Country | co | SPSAddressClassBase | Country | |
| Fax | facsimileTelephoneNumber | SPSAddressClassBase | Facsimile | |
| P.O. | postalCode | SPSAddressClassBase | POBoxZIP | |
| P.O. Box | postOfficeBox | SPSAddressClassBase | POBox | |
| City | l | SPSAddressClassBase | City | |
| Email | mail | SPSAddressClassBase | eMail | |
| Sid | objectSid | SPSAccountClassAD | Sid | |
| Distinguished Name | distinguishedName | SPSAccountClassAD | ADCN | |
| Locked | userAccountControl & 16 | SPSAccountClassAD | Locked | |
| Home Drive Path | CASE WHEN homeDrive IS NOT NULL THEN NULL ELSE homeDirectory END | SPSAccountClassAD | HomeDriveLocalPath | |
| Home Drive | homeDrive | SPSAccountClassAD | HomeDriveLetter | |
| Home Drive UNC | CASE WHEN homeDrive IS NOT NULL THEN homeDirectory ELSE NULL END | SPSAccountClassAD | HomeDriveUNCPath | |
| Connect Home Drive | userAccountControl & 8 | SPSAccountClassAD | ConnectHomeDrive | |
| Logon Script | scriptPath | SPSAccountClassAD | LogonScript | |
| Profile Path | profilePath | SPSAccountClassAD | ProfilePath | |
| First Name | givenName | SPSAccountClassADUser | FirstName | |
| Last Name | sn | SPSAccountClassADUser | LastName | |
| Initials | initials | SPSAccountClassADUser | Initials | |
| IP Phone | ipPhone | SPSAccountClassADUser | IPPhone | |
| Position | title | SPSAccountClassADUser | Position | |
| Cell Phone | mobile | SPSAccountClassADUser | MobilePhone | |
| Pager | pager | SPSAccountClassADUser | Pager | |
| Office | physicalDeliveryOfficeName | SPSAccountClassADUser | Office | |
| Department | department | SPSAccountClassADUser | Department | |
| Company | company | SPSAccountClassADUser | Company | |
| Private Phone | homePhone | SPSAccountClassADUser | PrivatePhone | |
| Notes | info | SPSAccountClassADUser | Notes | |

Person

Mapping

SPSUserClassLdap.Sid = sid

Attributes

| Name | AD | Data Definition | Attribute | Note |
|---|---|---|---|---|
| Display Name | displayName | SPSUserClassBase | DisplayName | |
| First Name | givenName | SPSUserClassBase | FirstName | |
| Last Name | CASE WHEN sn IS NOT NULL THEN sn ELSE name END | SPSUserClassBase | LastName | |
| Initials | initials | SPSUserClassBase | Initials | |
| IP Phone | ipPhone | SPSUserClassBase | IPPhone | |
| Mail Address | mail | SPSUserClassBase | MailAddress | |
| Business Phone | telephonenumber | SPSUserClassBase | BusinessPhone | |
| Cell Phone | mobile | SPSUserClassBase | MobilePhone | |
| Pager | pager | SPSUserClassBase | Pager | |
| Fax | facsimileTelephoneNumber | SPSUserClassBase | Fax | |
| Position | title | SPSUserClassBase | Position | |
| Department | department | SPSUserClassBase | Department | |
| Office | physicalDeliveryOfficeName | SPSUserClassBase | Office | |
| Company | company | SPSUserClassBase | Company | |
| Private Phone | homePhone | SPSUserClassBase | PrivatePhone | |
| Description | description | SPSUserClassBase | Description | |
| Notes | info | SPSUserClassBase | Notes | |
| Federal State | st | SPSAddressClassBase | State | |
| Web Site | WWWHomePage | SPSAddressClassBase | WebSite | |
| Phone | telephonenumber | SPSAddressClassBase | Phone | |
| Address | streetAddress | SPSAddressClassBase | Street | |
| Zip Code | postalCode | SPSAddressClassBase | ZIP | |
| Country | co | SPSAddressClassBase | Country | |
| P.O. | postalCode | SPSAddressClassBase | POBoxZIP | |
| P.O. Box | postOfficeBox | SPSAddressClassBase | POBox | |
| City | l | SPSAddressClassBase | City | |
| Email | mail | SPSAddressClassBase | eMail | |
| Distinguished Name | distinguishedName | SPSUserClassLdap | DistinguishedName | |
| Sid | sid | SPSUserClassLdap | Sid | |

Computer

Rules

  • Computer state is set only when a new object is created
  • Computer account status (SPSComputerClassAD.AccountStatus) is maintained during import and reflects the state in Active Directory

Mapping

SPSComputerClassAD.Sid = sid

or

(SPSComputerClassBase.NBName + '$' = sAMAccountName AND Domain)

or

(SPSComputerClassAD.Name = name AND Domain)

Where Domain:

SPSComputerClassAD.Domain = @DomainId

Attributes

| Name | AD | Data Definition | Attribute | Note |
|---|---|---|---|---|
| Description | description | SPSAssetClassBase | Description | |
| Management Type | 2 | SPSAssetClassBase | ManagementType | |
| Domain | | SPSComputerClassAD | Domain | Relation, @DomainID |
| Sid | sid | SPSComputerClassAD | Sid | |
| NETBIOS Name | Substring(REPLACE(sAMAccountName, '$', ''), 1, 16) | SPSComputerClassAD | NBName | |
| Account Status | CASE WHEN userAccountControl & 2 > 0 THEN 2 ELSE 1 END | SPSComputerClassAD | AccountStatus | |
| Trust For Delegation | CASE WHEN userAccountControl & 524288 > 0 THEN 1 ELSE 0 END | SPSComputerClassAD | TrustForDelegation | |
| Name | name | SPSComputerClassBase | Name | |
| Distinguished Name | distinguishedName | SPSComputerClassBase | ADPath | |
| DNS Name | dNSName | SPSComputerClassBase | DNSName | |

Group

Rules

  • All specified attributes, including state, are imported from Active Directory
  • All specified attributes are synchronized to Active Directory, except system attributes (sid, USN-Changed) and other attributes from the Common LDAP Attributes section

Mapping

(SPSSecurityGroupClassAD.Sid = sid AND Domain)

or

(SPSSecurityGroupClassAD.NT4Name = sAMAccountName AND Domain)

or

(SPSSecurityGroupClassAD.Name = name AND Domain)

Where Domain:

SPSSecurityGroupClassAD.Domain = @DomainId

Attributes

| Name | AD | Data Definition | Attribute | Note |
|---|---|---|---|---|
| State | 2080 | SPSCommonClassBase | State | |
| Domain | | SPSSecurityGroupClassAD | Domain | Relation, @DomainID |
| Name | name | SPSSecurityGroupClassAD | Name | |
| NETBIOS Name | sAMAccountName | SPSSecurityGroupClassAD | NT4Name | |
| Group Type | groupType & 14 | SPSSecurityGroupClassAD | GroupType | |
| Security Group | CASE WHEN groupType & 0x80000000 <> 0 THEN 1 ELSE 0 END | SPSSecurityGroupClassAD | IsSecurityGroup | |
| Sid | sid | SPSSecurityGroupClassAD | Sid | |
| Distinguished Name | distinguishedName | SPSSecurityGroupClassAD | ADCN | |
| Notes | info | SPSSecurityGroupClassAD | Notes | |
| Description | description | SPSSecurityGroupClassAD | Description | |
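
The computed expressions from the Account, Computer and Group attribute tables, evaluated in Python on constructed directory entries. This is an added example, not Matrix42 code; the function names and all sample values are assumptions. It also shows that groupType, which LDAP returns as a signed 32-bit integer, still passes the bit tests.

```python
# Added example, not Matrix42 code: the tables' computed expressions in Python.
# Function names and all sample entries below are constructed assumptions.

def map_account(e):
    uac = int(e["userAccountControl"])
    upn, drive, home = (e.get(k) for k in
                        ("userPrincipalName", "homeDrive", "homeDirectory"))
    return {
        "State": 2002 if uac & 2 else 2001,  # userAccountControl & 2 > 0
        # UPN part before '@'; sAMAccountName when userPrincipalName is NULL
        "AccountName": e["sAMAccountName"] if upn is None
                       else upn.partition("@")[0],
        "Locked": uac & 16,
        "ConnectHomeDrive": uac & 8,
        # homeDirectory goes to the UNC field only when homeDrive is set
        "HomeDriveLocalPath": None if drive is not None else home,
        "HomeDriveUNCPath": home if drive is not None else None,
    }

def map_computer(e):
    uac = int(e["userAccountControl"])
    return {
        # Substring(REPLACE(sAMAccountName, '$', ''), 1, 16)
        "NBName": e["sAMAccountName"].replace("$", "")[:16],
        "AccountStatus": 2 if uac & 2 else 1,
        "TrustForDelegation": 1 if uac & 524288 else 0,
    }

def map_group(e):
    gt = int(e["groupType"])  # signed 32-bit value as returned over LDAP
    return {"GroupType": gt & 14,
            "IsSecurityGroup": 1 if gt & 0x80000000 else 0}

# Constructed sample entries (not real directory data)
DISABLED_USER = {"sAMAccountName": "jdoe", "userAccountControl": "514",
                 "userPrincipalName": "j.doe@example.test",
                 "homeDirectory": "C:\\Users\\jdoe"}
SERVICE_USER = {"sAMAccountName": "svc-backup", "userAccountControl": "512",
                "homeDrive": "H:", "homeDirectory": "\\\\fs01\\home\\svc-backup"}
WORKSTATION = {"sAMAccountName": "WS-0001$", "userAccountControl": "528384"}
SECURITY_GROUP = {"groupType": "-2147483646"}  # global security group
DISTRIBUTION_GROUP = {"groupType": "2"}        # global distribution group

if __name__ == "__main__":
    for fn, entry in [(map_account, DISABLED_USER), (map_account, SERVICE_USER),
                      (map_computer, WORKSTATION), (map_group, SECURITY_GROUP),
                      (map_group, DISTRIBUTION_GROUP)]:
        print(fn.__name__, fn(entry))
```

The value 524288 tested for Trust For Delegation is the TRUSTED_FOR_DELEGATION flag (0x80000) of userAccountControl, so the imported TrustForDelegation field can serve as an inventory of computers trusted for delegation.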

Common LDAP Attributes

| Name | AD | Data Definition | Attribute | Note |
|---|---|---|---|---|
| USN-Changed | uSNChanged | SPSCommonClassLdap | uSNChanged | |
| Last Sync Date | | SPSCommonClassLdap | LastSyncDate | Current date |
| Object GUID | objectGuid | SPSCommonClassLdap | ObjectGuid | |
| Deleted | | SPSCommonClassLdap | Deleted | 0 (False) |
| Synchronizable | | SPSCommonClassLdap | Synchronizable | @Synchronizable |